In this work we propose a centrality measure for networks, which we refer to as Laplacian centrality, that provides a general framework for the centrality of a vertex based on the idea that the importance (or centrali...In this work we propose a centrality measure for networks, which we refer to as Laplacian centrality, that provides a general framework for the centrality of a vertex based on the idea that the importance (or centrality) of a vertex is related to the ability of the network to respond to the deactivation or removal of that vertex from the network. In particular, the Laplacian centrality of a vertex is defined as the relative drop of Laplacian energy caused by the deactivation of this vertex. The Laplacian energy of network G with?n?vertices is defined as , where ?is the eigenvalue of the Laplacian matrix of G. Other dynamics based measures such as that of Masuda and Kori and PageRank compute the importance of a node by analyzing the way paths pass through a node while our measure captures this information as well as the way these paths are “redistributed” when the node is deleted. The validity and robustness of this new measure are illustrated on two different terrorist social network data sets and 84 networks in James Moody’s Add Health in school friendship nomination data, and is compared with other standard centrality measures.展开更多
The gradual deployment of Low-Earth Orbit(LEO)mega constellations with inter-satellite links(ISLs)promises ubiquitous,low-latency,and high-throughput satellite network services.However,networked LEO satellites with IS...The gradual deployment of Low-Earth Orbit(LEO)mega constellations with inter-satellite links(ISLs)promises ubiquitous,low-latency,and high-throughput satellite network services.However,networked LEO satellites with ISLs are also at risk of routing attacks such as hijacking.Existing defenses against route hijacking in terrestrial networks can hardly work for the LEO satellite network due to its high spatiotemporal dynamics.To deal with it,we propose RPD,a high-risk routing path detection method for LEO mega-constellation networks.RPD detects abnormal high-risk LEO network paths by checking the consistency between the path delay and the geographical distance.This is efficiently achieved by combining in-band measurements and out-of-band statistical processing to detect the anomaly of the clustering feature in the reference delay matrix.RPD avoids the recalculation of the header cryptographic marks when the handover occurs,thus greatly reducing the cost and improving the performance of highrisk path detection.Experiments showed that the proposed RPD mechanism achieves an average detection accuracy of 91.64%under normal network conditions,and maintain about 89%even when congestion occurs in multiple areas of the network and measurement noise is considered.In addition,RPD does not require any cryptographic operation on the intermediate node,only minimal communication cost with excellent scalability and deployability.展开更多
Border Gateway Protocol(BGP)is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations.The BGP protocol exhibits s...Border Gateway Protocol(BGP)is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations.The BGP protocol exhibits security design defects,such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes,easily triggering prefix hijacking,path forgery,route leakage,and other BGP security threats.Meanwhile,the traditional BGP security mechanism,relying on a public key infrastructure,faces issues like a single point of failure and a single point of trust.The decentralization,anti-tampering,and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms.In this paper,we summarize the characteristics of BGP protocol in detail,sort out the BGP security threats and their causes.Additionally,we analyze the shortcomings of the traditional BGP security mechanism and comprehensively evaluate existing blockchain-based solutions to address the above problems and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats.Finally,we discuss the challenges posed by BGP security problems and outline prospects for future research.展开更多
This paper aims at analyzing the security issues that lie in the application layer (AL) protocols when users connect to the Internet via a wireless local area network (WLAN) through an access point. When adversaries l...This paper aims at analyzing the security issues that lie in the application layer (AL) protocols when users connect to the Internet via a wireless local area network (WLAN) through an access point. When adversaries launch deauthentication flood attacks cutting users' connection, the connection managers will automatically research the last access point's extended service set identifier (ESSID) and then re-establish connection. However, such re-connection can lead the users to a fake access point with the same ESSID set by attackers. As the attackers hide behind users' access points, they can pass AL's authentication and security schemes, e.g. secure socket layer (SSL). We have proved that they can even spy on users' account details, passwords, data and privacy.展开更多
The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to sessio...The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.展开更多
Traffic hijacking is a common attack perpetrated on networked systems, where attackers eavesdrop on user transactions, manipulate packet data, and divert traffic to illegitimate locations. Similar attacks can also be ...Traffic hijacking is a common attack perpetrated on networked systems, where attackers eavesdrop on user transactions, manipulate packet data, and divert traffic to illegitimate locations. Similar attacks can also be unleashed in a NoC (Network on Chip) based system where the NoC comes from a third-party vendor and can be engrafted with hardware Trojans. Unlike the attackers on a traditional network, those Trojans are usually small and have limited capacity. This paper targets such a hardware Trojan;Specifically, the Trojan aims to divert traffic packets to unauthorized locations on the NoC. To detect this kind of traffic hijacking, we propose an authentication scheme in which the source and destination addresses are tagged. We develop a custom design for the packet tagging and authentication such that the implementation costs can be greatly reduced. Our experiments on a set of applications show that on average the detection circuitry incurs about 3.37% overhead in area, 2.61% in power, and 0.097% in performance when compared to the baseline design.展开更多
类比构词(Wora—Formation by Analogy)是英语中一种有趣而又实用的构词方式。其构词特点是,以某个同类词为模式,在语义上进行联想类比,替换其中某个词素,构造出与之对应或类似的新词来。例如,workaholic(工作迷)系仿alco—ho...类比构词(Wora—Formation by Analogy)是英语中一种有趣而又实用的构词方式。其构词特点是,以某个同类词为模式,在语义上进行联想类比,替换其中某个词素,构造出与之对应或类似的新词来。例如,workaholic(工作迷)系仿alco—holic(嗜酒者)而造,而seajack(海上劫持)和skyjack(空中劫持)则是类比hijack(拦路抢劫)而成,故都属类比词。展开更多
Viruses typically have small genomes with limited coding capacity and must,therefore,rely intensively on the host’s cellular machinery to complete their life cycles.Plant viruses are no exception.To establish a succe...Viruses typically have small genomes with limited coding capacity and must,therefore,rely intensively on the host’s cellular machinery to complete their life cycles.Plant viruses are no exception.To establish a successful infection,they must hijack host functions to support transcription,replication,intra-and intercellular movement,and encapsidation of the viral genome,all while evading host immune defenses.展开更多
With the rapid development of operating systems,attacks on system vulnerabilities are increasing.Dynamic link library(DLL)hijacking is prevalent in installers on freeware platforms and is highly susceptible to exploit...With the rapid development of operating systems,attacks on system vulnerabilities are increasing.Dynamic link library(DLL)hijacking is prevalent in installers on freeware platforms and is highly susceptible to exploitation by malware attackers.However,existing studies are based solely on the load paths of DLLs,ignoring the attributes of installers and invocation modes,resulting in low accuracy and weak generality of vulnerability detection.In this paper,we propose a novel model,AB-DHD,which is based on an attention mechanism and a bi-directional gated recurrent unit(BiGRU)neural network for DLL hijacking vulnerability discovery.While BiGRU is an enhancement of GRU and has been widely applied in sequence data processing,a double-layer BiGRU network is introduced to analyze the internal features of installers with DLL hijacking vulnerabilities.Additionally,an attention mechanism is incorporated to dynamically adjust feature weights,significantly enhancing the ability of our model to detect vulnerabilities in new installers.A comprehensive“List of Easily Hijacked DLLs”is developed to serve a reference for future studies.We construct an EXEFul dataset and a DLLVul dataset,using data from two publicly available authoritative vulnerability databases,Common Vulnerabilities&Exposures(CVE)and China National Vulnerability Database(CNVD),and mainstream installer distribution platforms.Experimental results show that our model outperforms popular automated tools like Rattler and DLLHSC,achieving an accuracy of 97.79%and a recall of 94.72%.Moreover,17 previously unknown vulnerabilities have been identified,and corresponding vulnerability certifications have been assigned.展开更多
Dear Editor,Although primary metabolism is assumed to be highly evolutionarily conserved in plants,specialized metabolism is more prone to active diversification to allow adaptation to changing environments.Notably,th...Dear Editor,Although primary metabolism is assumed to be highly evolutionarily conserved in plants,specialized metabolism is more prone to active diversification to allow adaptation to changing environments.Notably,this diversification results from core metabolic enzyme hijacking or gene duplication events that are highly prevalent in plants,as observed for cytochrome P450s.展开更多
The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method...The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly,we generate data flow graphs and data facts for each component through component-level data flow analysis.Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly,the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communicationbased attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency,and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.展开更多
Activity hijacking is one of the most powerful attacks in Android. Though promising, all the prior activity hijacking attacks suffer from some limitations and have limited attack capabilities. They no longer pose secu...Activity hijacking is one of the most powerful attacks in Android. Though promising, all the prior activity hijacking attacks suffer from some limitations and have limited attack capabilities. They no longer pose security threats in recent Android due to the presence of effective defense mechanisms. In this work, we propose the first automated and adaptive activity hijacking attack, named VenomAttack, enabling a spectrum of customized attacks (e.g., phishing, spoofing, and DoS) on a large scale in recent Android, even the state-of-the-art defense mechanisms are deployed. Specifically, we propose to use hotpatch techniques to identify vulnerable devices and update attack payload without re-installation and re-distribution, hence bypassing offline detection. We present a newly-discovered flaw in Android and a bug in derivatives of Android, each of which allows us to check if a target app is running in the background or not, by which we can determine the right attack timing via a designed transparent activity. We also propose an automated fake activity generation approach, allowing large-scale attacks. Requiring only the common permission INTERNET, we can hijack activities at the right timing without destroying the GUI integrity of the foreground app. We conduct proof-of-concept attacks, showing that VenomAttack poses severe security risks on recent Android versions. The user study demonstrates the effectiveness of VenomAttack in real-world scenarios, achieving a high success rate (95%) without users’ awareness. That would call more attention to the stakeholders like Google.展开更多
文摘In this work we propose a centrality measure for networks, which we refer to as Laplacian centrality, that provides a general framework for the centrality of a vertex based on the idea that the importance (or centrality) of a vertex is related to the ability of the network to respond to the deactivation or removal of that vertex from the network. In particular, the Laplacian centrality of a vertex is defined as the relative drop of Laplacian energy caused by the deactivation of this vertex. The Laplacian energy of network G with?n?vertices is defined as , where ?is the eigenvalue of the Laplacian matrix of G. Other dynamics based measures such as that of Masuda and Kori and PageRank compute the importance of a node by analyzing the way paths pass through a node while our measure captures this information as well as the way these paths are “redistributed” when the node is deleted. The validity and robustness of this new measure are illustrated on two different terrorist social network data sets and 84 networks in James Moody’s Add Health in school friendship nomination data, and is compared with other standard centrality measures.
基金supported by National Key Research and Development Plan of China under Grant 2022YFB3105203National Natural Science Foundation of China(62132009)+2 种基金key fund of National Natural Science Foundation of China(62272266)Tsinghua University-China Mobile Communications Group Co.,Ltd.Joint InstituteZhongguancun Laboratory。
文摘The gradual deployment of Low-Earth Orbit(LEO)mega constellations with inter-satellite links(ISLs)promises ubiquitous,low-latency,and high-throughput satellite network services.However,networked LEO satellites with ISLs are also at risk of routing attacks such as hijacking.Existing defenses against route hijacking in terrestrial networks can hardly work for the LEO satellite network due to its high spatiotemporal dynamics.To deal with it,we propose RPD,a high-risk routing path detection method for LEO mega-constellation networks.RPD detects abnormal high-risk LEO network paths by checking the consistency between the path delay and the geographical distance.This is efficiently achieved by combining in-band measurements and out-of-band statistical processing to detect the anomaly of the clustering feature in the reference delay matrix.RPD avoids the recalculation of the header cryptographic marks when the handover occurs,thus greatly reducing the cost and improving the performance of highrisk path detection.Experiments showed that the proposed RPD mechanism achieves an average detection accuracy of 91.64%under normal network conditions,and maintain about 89%even when congestion occurs in multiple areas of the network and measurement noise is considered.In addition,RPD does not require any cryptographic operation on the intermediate node,only minimal communication cost with excellent scalability and deployability.
基金the National Natural Science Foundation of China,GrantNumbers(62272007,62001007)the Natural Science Foundation of Beijing,GrantNumbers(4234083,4212018)The authors also acknowledge the support from King Khalid University for funding this research through the Large Group Project under Grant Number RGP.2/373/45.
文摘Border Gateway Protocol(BGP)is a standard inter-domain routing protocol for the Internet that conveys network layer reachability information and establishes routes to different destinations.The BGP protocol exhibits security design defects,such as an unconditional trust mechanism and the default acceptance of BGP route announcements from peers by BGP neighboring nodes,easily triggering prefix hijacking,path forgery,route leakage,and other BGP security threats.Meanwhile,the traditional BGP security mechanism,relying on a public key infrastructure,faces issues like a single point of failure and a single point of trust.The decentralization,anti-tampering,and traceability advantages of blockchain offer new solution ideas for constructing secure and trusted inter-domain routing mechanisms.In this paper,we summarize the characteristics of BGP protocol in detail,sort out the BGP security threats and their causes.Additionally,we analyze the shortcomings of the traditional BGP security mechanism and comprehensively evaluate existing blockchain-based solutions to address the above problems and validate the reliability and effectiveness of blockchain-based BGP security methods in mitigating BGP security threats.Finally,we discuss the challenges posed by BGP security problems and outline prospects for future research.
基金the National Science Council (No. NSC-99-2219-E-033-001)the Foundation of the Chung Yuan Christian University (1004) (No. CYCU-EECS.9801)
文摘This paper aims at analyzing the security issues that lie in the application layer (AL) protocols when users connect to the Internet via a wireless local area network (WLAN) through an access point. When adversaries launch deauthentication flood attacks cutting users' connection, the connection managers will automatically research the last access point's extended service set identifier (ESSID) and then re-establish connection. However, such re-connection can lead the users to a fake access point with the same ESSID set by attackers. As the attackers hide behind users' access points, they can pass AL's authentication and security schemes, e.g. secure socket layer (SSL). We have proved that they can even spy on users' account details, passwords, data and privacy.
文摘The border gateway protocol (BGP) is the default inter domain routing protocol used on the internet for exchanging information between autonomous systems. Available literature suggests that BGP is vulnerable to session hijacking attacks. There are a number of proposals aimed at improving BGP security which have not been fully implemented. This paper examines a number of approaches for securing BGP through a comparative study and identifies the reasons why these proposals have not been implemented commercially. This paper analyses the architecture of internet routing and the design of BGP while focusing on the problem of BGP session hijacking attacks. Using Graphical Network Simulator 3 (GNS-3), a session hijack is demonstrated and a solution which involves the implementation of route filtering, policy-maps and route-maps on CISCO routers representing ASes is carried out. In the end, a workable industry standard framework for securing and protecting BGP sessions and border routers from exploitation with little or no modification to the existing routing infrastructure is demonstrated.
文摘Traffic hijacking is a common attack perpetrated on networked systems, where attackers eavesdrop on user transactions, manipulate packet data, and divert traffic to illegitimate locations. Similar attacks can also be unleashed in a NoC (Network on Chip) based system where the NoC comes from a third-party vendor and can be engrafted with hardware Trojans. Unlike the attackers on a traditional network, those Trojans are usually small and have limited capacity. This paper targets such a hardware Trojan;Specifically, the Trojan aims to divert traffic packets to unauthorized locations on the NoC. To detect this kind of traffic hijacking, we propose an authentication scheme in which the source and destination addresses are tagged. We develop a custom design for the packet tagging and authentication such that the implementation costs can be greatly reduced. Our experiments on a set of applications show that on average the detection circuitry incurs about 3.37% overhead in area, 2.61% in power, and 0.097% in performance when compared to the baseline design.
文摘类比构词(Wora—Formation by Analogy)是英语中一种有趣而又实用的构词方式。其构词特点是,以某个同类词为模式,在语义上进行联想类比,替换其中某个词素,构造出与之对应或类似的新词来。例如,workaholic(工作迷)系仿alco—holic(嗜酒者)而造,而seajack(海上劫持)和skyjack(空中劫持)则是类比hijack(拦路抢劫)而成,故都属类比词。
基金supported by the National Institute of Science and Technology in Plant-Pest Interactions/Fapemig/CNPq(grant nos..406440/2022-O and APQ-03986-24 to E.P.B.F.).M.A.F.and F.D.A.S.are Postdoctoral Fellows of CNPq.
文摘Viruses typically have small genomes with limited coding capacity and must,therefore,rely intensively on the host’s cellular machinery to complete their life cycles.Plant viruses are no exception.To establish a successful infection,they must hijack host functions to support transcription,replication,intra-and intercellular movement,and encapsidation of the viral genome,all while evading host immune defenses.
基金supported by the National Natural Science Foundation of China under Grant Nos.62072253,62172258,62302238,and 62372245the CCF-Tencent Rhino-Bird Open Research Fund,the Major Science and Technology Demonstration Project of Jiangsu Provincial Key Research and Development Program under Grant No.BE2022798the Postgraduate Research and Practice Innovation Program of Jiangsu Province of China under Grant No.KYCX20_0829.
文摘With the rapid development of operating systems,attacks on system vulnerabilities are increasing.Dynamic link library(DLL)hijacking is prevalent in installers on freeware platforms and is highly susceptible to exploitation by malware attackers.However,existing studies are based solely on the load paths of DLLs,ignoring the attributes of installers and invocation modes,resulting in low accuracy and weak generality of vulnerability detection.In this paper,we propose a novel model,AB-DHD,which is based on an attention mechanism and a bi-directional gated recurrent unit(BiGRU)neural network for DLL hijacking vulnerability discovery.While BiGRU is an enhancement of GRU and has been widely applied in sequence data processing,a double-layer BiGRU network is introduced to analyze the internal features of installers with DLL hijacking vulnerabilities.Additionally,an attention mechanism is incorporated to dynamically adjust feature weights,significantly enhancing the ability of our model to detect vulnerabilities in new installers.A comprehensive“List of Easily Hijacked DLLs”is developed to serve a reference for future studies.We construct an EXEFul dataset and a DLLVul dataset,using data from two publicly available authoritative vulnerability databases,Common Vulnerabilities&Exposures(CVE)and China National Vulnerability Database(CNVD),and mainstream installer distribution platforms.Experimental results show that our model outperforms popular automated tools like Rattler and DLLHSC,achieving an accuracy of 97.79%and a recall of 94.72%.Moreover,17 previously unknown vulnerabilities have been identified,and corresponding vulnerability certifications have been assigned.
基金supported by the Agence Nationale de la Recherche(ANR,project MIACYC-ANR-20-CE43-0010)the Région Centre-Val de Loire(ARP-IR ScaleBio project)the European Union’s Horizon Europe Framework(project COMBO under agreement N°101135438).
文摘Dear Editor,Although primary metabolism is assumed to be highly evolutionarily conserved in plants,specialized metabolism is more prone to active diversification to allow adaptation to changing environments.Notably,this diversification results from core metabolic enzyme hijacking or gene duplication events that are highly prevalent in plants,as observed for cytochrome P450s.
基金supported by the Hebei Provincial Natural Science Foundation(Nos.F2016203290 and F2017203307)the National Natural Science Foundation of China(No.61772450)+3 种基金the Doctoral Foundation of Yanshan University(Nos.BL18011 and B906)the Hebei Normal University of Science and Technology Scientific Research Foundation(No.2018YB019)the China Postdoctoral Science Foundation(No.2018M631764)the Hebei Province Science and Technology Planning Project(No.17210701D)
文摘The Android operating system provides a rich Inter-Component Communication(ICC) method that brings enormous convenience. However, the Android ICC also increases security risks. To address this problem, a formal method is proposed to model and detect inter-component communication behavior in Android applications. Firstly,we generate data flow graphs and data facts for each component through component-level data flow analysis.Secondly, our approach treats ICC just like method calls. After analyzing the fields and data dependencies of the intent, we identify the ICC caller and callee, track the data flow between them, and construct the ICC model. Thirdly,the behavior model of Android applications is constructed by a formal mapping method for component data flow graph based on Pi calculus. The runtime sensitive path trigger detection algorithm is then given. Communicationbased attacks are detected by analyzing intent abnormity. Finally, we analyze the modeling and detection efficiency,and compare it with relevant methods. Analysis of 57 real-world applications partly verifies the effectiveness of the proposed method.
基金supported by the National Natural Science Foundation of China (Grant Nos. 62072309 and 6171101225).
文摘Activity hijacking is one of the most powerful attacks in Android. Though promising, all the prior activity hijacking attacks suffer from some limitations and have limited attack capabilities. They no longer pose security threats in recent Android due to the presence of effective defense mechanisms. In this work, we propose the first automated and adaptive activity hijacking attack, named VenomAttack, enabling a spectrum of customized attacks (e.g., phishing, spoofing, and DoS) on a large scale in recent Android, even the state-of-the-art defense mechanisms are deployed. Specifically, we propose to use hotpatch techniques to identify vulnerable devices and update attack payload without re-installation and re-distribution, hence bypassing offline detection. We present a newly-discovered flaw in Android and a bug in derivatives of Android, each of which allows us to check if a target app is running in the background or not, by which we can determine the right attack timing via a designed transparent activity. We also propose an automated fake activity generation approach, allowing large-scale attacks. Requiring only the common permission INTERNET, we can hijack activities at the right timing without destroying the GUI integrity of the foreground app. We conduct proof-of-concept attacks, showing that VenomAttack poses severe security risks on recent Android versions. The user study demonstrates the effectiveness of VenomAttack in real-world scenarios, achieving a high success rate (95%) without users’ awareness. That would call more attention to the stakeholders like Google.
